Paris Hilton and Lindsay Lohan's private MySpace photos are all over the Internet now, thanks to a glitch in bad APIs.

While the not-so-publicity-shy stars probably won't mind, and none of the photos are all that racy (except for the one of a fully dressed, provocatively posed Hilton in a tanning booth), there's a lesson for us all in this social network privacy flap du jour.

"Anything you upload to a public Web site is not private; it's public. Even if you think it is password protected," says Jeremiah Grossman, chief technology officer at White Hat Security, a Web application security company. "That's the bottom line."

The problem has been fixed, so don't bother trying to replicate it. But the breach resurrects the debate over whether the notion of privacy is outdated in a world where you party too much at an event and the next morning an embarrassing photo is up on your friend's Facebook page.

Valleywag blamed data portability, the concept underlying the sharing of data between social networks and other sites.

However, according to MySpace, it had nothing to do with data portability and everything to do with "deprecated APIs."

Grossman attributed it to "insufficient authorization," which he said is common on all types of Web sites, not just social-networking sites.

"MySpace and Yahoo are firmly committed to keeping all users as safe and secure as possible. Recently, MySpace and Yahoo were alerted to a vulnerability within the MySpace widget on the Yahoo mobile platform," MySpace and Yahoo said in a statement. "The functionality of the widget has currently been disabled as we work to roll out an immediate fix."

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.